Cyber risks lurk far beyond organizations' own walls: Report

WASHINGTON — Current cyber risk management does not give much consideration to “digital distant perfection” — the aggregation of cyber risks that can lie far beyond an organization's own four walls, according to report issued Wednesday.

The report — “Beyond Data Breaches: Global Interconnections of Cyber Risk” — was released during a discussion at the Atlantic Council, a Washington-based think tank. It was the result of a yearlong study of the issue by the Atlantic Council and Zurich Insurance Group Ltd.

Atlantic Council President and CEO Frederick Kempe told attendees that governments and “forward-looking” organizations must take a holistic view of cyber risk. The report said that while the internet has proved to be “incredibly resilient,” the internet of the future may not be as resilient and robust as today. “It will also be more likely to initiate and cascade global shocks,” said the report.

The Heartbleed computer bug “really shows us how quickly cyber landscapes can change,” said Michael Kerner, CEO of general insurance at Zurich. He advised his audience to look outside their own organizations for cyber risks that need to be addressed.

The report recommended steps for organizations to take in order to be more resilient to cyber shocks. These include:

• Putting the private sector at the center of crisis management, since government management of cyber risk lacks the agility needed;

• Developing plans within organizations that have system-wide responsibility that ensure the stability of the system as a whole, rather than risks to an individual organization;

• Investing in trained teams ready to respond with defined procedures; and

• Conducting simulations of the most likely and most dangerous cyber risks to better prepare.